require 'test_helper'
require 'digest/sha1'
# Tests for the password-related behaviour seen through the User model:
# which attributes are mass-assignable, how the salt and the password digest
# are derived, and what User.authenticate returns.
#
# new_user, create_user, field_accessible? and assert_present are not defined
# in this file; presumably they come from test_helper.
class AuthenticableTest < ActiveSupport::TestCase

  test 'should respond to password and password confirmation' do
    account = new_user
    [:password, :password_confirmation].each do |attribute|
      assert account.respond_to?(attribute)
    end
  end

  # --- Attribute accessibility -------------------------------------------
  # The three user-supplied fields are accessible; the two derived credential
  # fields (salt and digest) are asserted NOT accessible, so they cannot be
  # set through whatever field_accessible? checks (presumably mass
  # assignment; confirm against the helper).

  test 'should have email acessible' do
    assert field_accessible?(:email)
  end

  test 'should have password acessible' do
    assert field_accessible?(:password)
  end

  test 'should have password confirmation accessible' do
    assert field_accessible?(:password_confirmation)
  end

  test 'should not have password salt accessible' do
    assert_not field_accessible?(:password_salt)
  end

  test 'should not have encrypted password accessible' do
    assert_not field_accessible?(:encrypted_password)
  end

  # --- Salt generation -----------------------------------------------------

  test 'should generate password salt after set the password' do
    built = new_user
    assert_present built.password_salt

    persisted = create_user
    assert_present persisted.password_salt
  end

  test 'should not generate salt while setting password to nil or blank string' do
    [nil, ''].each do |blank_password|
      assert_nil new_user(:password => blank_password).password_salt
    end
  end

  test 'should not change password salt when updating' do
    account = create_user
    original_salt = account.password_salt

    # Saving without touching the password must never call the salt writer.
    account.expects(:password_salt=).never
    account.save!

    assert_equal original_salt, account.password_salt
  end

  test 'should generate a sha1 hash for password salt' do
    # Freeze the clock and the random component so the salt is reproducible.
    frozen_time = Time.now
    Time.stubs(:now).returns(frozen_time)
    User.any_instance.stubs(:random_string).returns('random_string')

    account = create_user

    # '123456' is presumably the default password used by create_user
    # (the later tests treat it as the valid password); confirm in test_helper.
    expected_salt = ::Digest::SHA1.hexdigest("--#{frozen_time.utc}--random_string--123456--")
    assert_equal expected_salt, account.password_salt
  end

  test 'should never generate the same salt for different users' do
    seen_salts = []
    10.times do
      candidate = new_user.password_salt
      assert_not seen_salts.include?(candidate)
      seen_salts << candidate
    end
  end

  # --- Password digest -----------------------------------------------------

  test 'should generate encrypted password after setting a password' do
    built = new_user
    assert_present built.encrypted_password

    persisted = create_user
    assert_present persisted.encrypted_password
  end

  test 'should not generate encrypted password while setting password to nil or blank string' do
    [nil, ''].each do |blank_password|
      assert_nil new_user(:password => blank_password).encrypted_password
    end
  end

  test "should not encrypt password if it didn't change" do
    account = create_user
    original_digest = account.encrypted_password

    # Re-assigning the same password must not reach the digest writer.
    account.expects(:encrypted_password=).never
    account.password = '123456'

    assert_equal original_digest, account.encrypted_password
  end

  test 'should encrypt password again if password has changed' do
    account = create_user
    original_digest = account.encrypted_password

    account.password = 'new_password'

    assert_not_equal original_digest, account.encrypted_password
  end

  test 'should encrypt password using a sha1 hash' do
    # NOTE(review): pepper and stretches are assigned on the module and are not
    # restored inside this test; no teardown is visible in this file, so
    # confirm that test_helper resets them, otherwise later tests inherit
    # these values.
    Devise::Authenticable.pepper = 'pepper'
    Devise::Authenticable.stretches = 1

    account = create_user

    # With stretches = 1 the expected digest is a single SHA-1 pass over
    # salt, pepper and password. That pins the format for this test only:
    # SHA-1 is a fast hash, so one pass is not a suitable work factor for
    # stored passwords outside a test configuration.
    expected_password = ::Digest::SHA1.hexdigest("--#{account.password_salt}--pepper--123456--pepper--")
    assert_equal expected_password, account.encrypted_password
  end

  # --- Validation and authentication ----------------------------------------

  test 'should test for a valid password' do
    account = create_user

    assert account.valid_password?('123456')
    assert_not account.valid_password?('654321')
  end

  test 'should authenticate a valid user with email and password and return it' do
    account = create_user
    # Confirmation is stubbed to true so this test covers only the
    # credential check.
    User.any_instance.stubs(:confirmed?).returns(true)

    authenticated_user = User.authenticate(account.email, account.password)

    assert_equal authenticated_user, account
  end

  # The two failure tests below both expect nil, so the return value does not
  # tell the caller whether the email or the password was wrong.

  test 'should return nil when authenticating an invalid user by email' do
    account = create_user

    assert_nil User.authenticate('another.email@email.com', account.password)
  end

  test 'should return nil when authenticating an invalid user by password' do
    account = create_user

    assert_nil User.authenticate(account.email, 'another_password')
  end
end